CVE-2023-53185
BaseFortify
Publication date: 2025-09-15
Last updated on: 2025-12-02
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 2.6.35 (inc) to 4.14.322 (exc) |
| linux | linux_kernel | From 4.15 (inc) to 4.19.291 (exc) |
| linux | linux_kernel | From 4.20 (inc) to 5.4.251 (exc) |
| linux | linux_kernel | From 5.5 (inc) to 5.10.188 (exc) |
| linux | linux_kernel | From 5.11 (inc) to 5.15.121 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.1.39 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.3.13 (exc) |
| linux | linux_kernel | From 6.4 (inc) to 6.4.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's ath9k wifi driver allows a malicious USB device to send a service connection response message targeting ENDPOINT0, which is reserved and should not be modified for other services. This could potentially allow the bad USB device to misuse or interfere with the reserved endpoint. The fix involves rejecting such service connection responses to prevent this misuse.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow a malicious USB device to interfere with or manipulate the reserved ENDPOINT0 in the ath9k wifi driver, potentially leading to unexpected behavior or security issues in the system's handling of USB services related to wifi. This could compromise system stability or security depending on the context of use.